DPDK: lib/librte_security/rte_security.h Source File

Go to the documentation of this file.
 /*-
  *   BSD LICENSE
  *
  *   Copyright 2017 NXP.
  *   Copyright(c) 2017 Intel Corporation. All rights reserved.
  *
  *   Redistribution and use in source and binary forms, with or without
  *   modification, are permitted provided that the following conditions
  *   are met:
  *
  *     * Redistributions of source code must retain the above copyright
  *       notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above copyright
  *       notice, this list of conditions and the following disclaimer in
  *       the documentation and/or other materials provided with the
  *       distribution.
  *     * Neither the name of NXP nor the names of its
  *       contributors may be used to endorse or promote products derived
  *       from this software without specific prior written permission.
  *
  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef _RTE_SECURITY_H_
 #define _RTE_SECURITY_H_
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #include <sys/types.h>
 
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <netinet/ip6.h>
 
 #include <rte_compat.h>
 #include <rte_common.h>
 #include <rte_crypto.h>
 #include <rte_mbuf.h>
 #include <rte_memory.h>
 #include <rte_mempool.h>
 
 enum rte_security_ipsec_sa_mode {
         RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT = 1,
         RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 };
 
 enum rte_security_ipsec_sa_protocol {
         RTE_SECURITY_IPSEC_SA_PROTO_AH = 1,
         RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 };
 
 enum rte_security_ipsec_tunnel_type {
         RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 1,
         RTE_SECURITY_IPSEC_TUNNEL_IPV6,
 };
 
 struct rte_security_ctx {
         void *device;
         const struct rte_security_ops *ops;
         uint16_t sess_cnt;
 };
 
 struct rte_security_ipsec_tunnel_param {
         enum rte_security_ipsec_tunnel_type type;
         RTE_STD_C11
         union {
                 struct {
                         struct in_addr src_ip;
                         struct in_addr dst_ip;
                         uint8_t dscp;
                         uint8_t df;
                         uint8_t ttl;
                 } ipv4;
                 struct {
                         struct in6_addr src_addr;
                         struct in6_addr dst_addr;
                         uint8_t dscp;
                         uint32_t flabel;
                         uint8_t hlimit;
                 } ipv6;
         };
 };
 
 struct rte_security_ipsec_sa_options {
         uint32_t esn : 1;
 
         uint32_t udp_encap : 1;
 
         uint32_t copy_dscp : 1;
 
         uint32_t copy_flabel : 1;
 
         uint32_t copy_df : 1;
 
         uint32_t dec_ttl : 1;
 };
 
 enum rte_security_ipsec_sa_direction {
         RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
         RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 };
 
 struct rte_security_ipsec_xform {
         uint32_t spi;
         uint32_t salt;
         struct rte_security_ipsec_sa_options options;
         enum rte_security_ipsec_sa_direction direction;
         enum rte_security_ipsec_sa_protocol proto;
         enum rte_security_ipsec_sa_mode mode;
         struct rte_security_ipsec_tunnel_param tunnel;
         uint64_t esn_soft_limit;
 };
 
 struct rte_security_macsec_xform {
         int dummy;
 };
 
 enum rte_security_session_action_type {
         RTE_SECURITY_ACTION_TYPE_NONE,
         RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
         RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
         RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
 };
 
 enum rte_security_session_protocol {
         RTE_SECURITY_PROTOCOL_IPSEC = 1,
         RTE_SECURITY_PROTOCOL_MACSEC,
 };
 
 struct rte_security_session_conf {
         enum rte_security_session_action_type action_type;
         enum rte_security_session_protocol protocol;
         RTE_STD_C11
         union {
                 struct rte_security_ipsec_xform ipsec;
                 struct rte_security_macsec_xform macsec;
         };
         struct rte_crypto_sym_xform *crypto_xform;
         void *userdata;
 };
 
 struct rte_security_session {
         void *sess_private_data;
 };
 
 struct rte_security_session * __rte_experimental
 rte_security_session_create(struct rte_security_ctx *instance,
                             struct rte_security_session_conf *conf,
                             struct rte_mempool *mp);
 
 int __rte_experimental
 rte_security_session_update(struct rte_security_ctx *instance,
                             struct rte_security_session *sess,
                             struct rte_security_session_conf *conf);
 
 unsigned int __rte_experimental
 rte_security_session_get_size(struct rte_security_ctx *instance);
 
 int __rte_experimental
 rte_security_session_destroy(struct rte_security_ctx *instance,
                              struct rte_security_session *sess);
 
 int __rte_experimental
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
                               struct rte_security_session *sess,
                               struct rte_mbuf *mb, void *params);
 
 void * __rte_experimental
 rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
 
 static inline int __rte_experimental
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
                               struct rte_security_session *sess)
 {
         sym_op->sec_session = sess;
 
         return 0;
 }
 
 static inline void * __rte_experimental
 get_sec_session_private_data(const struct rte_security_session *sess)
 {
         return sess->sess_private_data;
 }
 
 static inline void __rte_experimental
 set_sec_session_private_data(struct rte_security_session *sess,
                              void *private_data)
 {
         sess->sess_private_data = private_data;
 }
 
 static inline int __rte_experimental
 rte_security_attach_session(struct rte_crypto_op *op,
                             struct rte_security_session *sess)
 {
         if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
                 return -EINVAL;
 
         op->sess_type =  RTE_CRYPTO_OP_SECURITY_SESSION;
 
         return __rte_security_attach_session(op->sym, sess);
 }
 
 struct rte_security_macsec_stats {
         uint64_t reserved;
 };
 
 struct rte_security_ipsec_stats {
         uint64_t reserved;
 
 };
 
 struct rte_security_stats {
         enum rte_security_session_protocol protocol;
         RTE_STD_C11
         union {
                 struct rte_security_macsec_stats macsec;
                 struct rte_security_ipsec_stats ipsec;
         };
 };
 
 int __rte_experimental
 rte_security_session_stats_get(struct rte_security_ctx *instance,
                                struct rte_security_session *sess,
                                struct rte_security_stats *stats);
 
 struct rte_security_capability {
         enum rte_security_session_action_type action;
         enum rte_security_session_protocol protocol;
         RTE_STD_C11
         union {
                 struct {
                         enum rte_security_ipsec_sa_protocol proto;
                         enum rte_security_ipsec_sa_mode mode;
                         enum rte_security_ipsec_sa_direction direction;
                         struct rte_security_ipsec_sa_options options;
                 } ipsec;
                 struct {
                         /* To be Filled */
                         int dummy;
                 } macsec;
         };
 
         const struct rte_cryptodev_capabilities *crypto_capabilities;
         uint32_t ol_flags;
 };
 
 #define RTE_SECURITY_TX_OLOAD_NEED_MDATA        0x00000001
 
 #define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD      0x00000002
 
 #define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD      0x00010000
 
 struct rte_security_capability_idx {
         enum rte_security_session_action_type action;
         enum rte_security_session_protocol protocol;
 
         RTE_STD_C11
         union {
                 struct {
                         enum rte_security_ipsec_sa_protocol proto;
                         enum rte_security_ipsec_sa_mode mode;
                         enum rte_security_ipsec_sa_direction direction;
                 } ipsec;
         };
 };
 
 const struct rte_security_capability * __rte_experimental
 rte_security_capabilities_get(struct rte_security_ctx *instance);
 
 const struct rte_security_capability * __rte_experimental
 rte_security_capability_get(struct rte_security_ctx *instance,
                             struct rte_security_capability_idx *idx);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _RTE_SECURITY_H_ */